Privacy — Singapore

Caselaw operates under the Personal Data Protection Act 2012 (PDPA) and the 2025 amendments for Singapore users. Data residency: Supabase EU-WEST (Frankfurt). Privacy regulator: Personal Data Protection Commission (Singapore).

• DPO designated and contactable at [email protected] — mandatory from 1 June 2025.
• GST 9% applied via Stripe Tax for Singapore transactions.
• Annual invoiced billing offered for users who can't run a card on file (PayNow recurring not yet supported).

What we collect

• Email address (account, magic-link auth, transactional comms)
• University / year-level / exam-focus (only what you give us in the waitlist or settings)
• Salted IP hash for abuse prevention (never raw IP)
• Reading history within Caselaw — used to drive flashcards and revision suggestions; never sold
• Stripe customer / subscription state (via Stripe; we do not store payment card data)

What we don't collect

• Tracking cookies that follow you off the site
• Third-party advertising profiles
• Card numbers (Stripe processes them — we never see them)
• Voice / video / camera data — we have none of those features

Your rights

Access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability and the right to object — all exercisable by emailing [email protected]. We respond within 30 days. If you're not satisfied, you can lodge a complaint with the Personal Data Protection Commission (Singapore).

This regional privacy notice supplements our global privacy policy — read both. Effective 2026-05-01.